People are becoming increasingly reliant on the Internet for consumer business transactions such as shopping, banking, and paying bills. These activities, referred to collectively as e-commerce, require that users have a mechanism to assure themselves that the system at the other end of the communication is legitimately the business it purports to be, and is not falsely representing itself. In other words, users need some way to verify the identity of a system at the far end of the e-commerce transaction.
This is particularly important with the rise of “phishing”. Members of the general public can be fooled into providing personal information by simply displaying a banner at the top of a computer interface window. An illegitimate entity presents the user with a web page purporting to belong to a legitimate business, and collects any sensitive information entered by the user. Examples of people being tricked into entering sensitive information, such as passwords or social security numbers, into false websites are unfortunately very common. Nefarious activities such as phishing can erode the public's confidence in e-commerce.
There is therefore a need for the general public to easily and reliably verify the identity of a requester of sensitive information during an online session. Such a verification mechanism must be user friendly and not require any specialized knowledge, so that users may engage in e-commerce with ease and confidence.